Possibly. But Backblaze has an agreement with the user; and they have taken data they need / are justified in handling (filenames, sizes) and leaked them. Google docs wouldn't be liable if I stole your credit-card and put it in a Google doc.
It may be that fb is doing something illegal here too - eg the whole way tracking pixel work seems difficult to square with gdpr - but the tracking pixel/service looks a bit like the drill used to force a lock - another party (like BB) must deploy it. And arguably the purpose is not to "steal" data.
